This week, Arbitrum’s Security Council swiftly responded to the KelpDAO exploit by freezing over 30,000 ETH associated with the attacker, marking it as a triumph for user protection. However, this action has reignited one of cryptocurrency’s longstanding debates: What does decentralization truly mean when an entity can override network outcomes post-event?
Central to this debate is Arbitrum’s Security Council, a small elected group empowered by token holders every six months to act during emergencies. Recently, they utilized these powers to seize control over funds linked to the exploit, placing them on hold for further governance decisions.
Proponents argue that such actions exemplify an effective system designed to prevent potential laundering of tens of millions of dollars and provide time for recovery. Conversely, critics highlight a stark reality: even in decentralized systems, ultimate control can rest with a few individuals or groups.
For Arbitrum insiders like Steven Goldfeder, co-founder of Offchain Labs (the creator and supporter of Arbitrum), the decision was anything but hasty. Initially, doing nothing was the default approach during Security Council discussions. However, an idea emerged from a council member to execute the freeze in a precise manner without impacting other users or network performance.
Arbitrum refers to this action as a “freeze,” though it technically involved active measures: using privileged powers to transfer funds from the attacker-controlled address into an ownerless wallet, effectively immobilizing them. This distinction fuels the decentralization debate, where pure decentralization suggests that no individual or group can unilaterally alter transactions once executed, often summarized by the adage “code is law.” Critics fear such interventions might be misused under regulatory or political pressures.
The concern revolves around precedent: If intervention is possible in one instance, how and when will it be applied elsewhere?
This demonstrated capability prompts broader questions about decentralization on Layer 2 blockchains and the balance between security and neutrality. Although elected by token holders, the Security Council remains a small group capable of swift, decisive action.
Patrick McCorry, head of research at the Arbitrum Foundation and coordinator with the Security Council, asserts that this structure is intentional. The council is “a very transparent part of the system,” he noted, highlighting their elected status by token holders rather than appointment by Offchain Labs or the Arbitrum Foundation.
The council members are chosen through recurring on-chain elections every six months, appointing 12 members at a time.
Some critics argue that such significant decisions should involve token-holder governance. However, Goldfeder contends that speed and discretion were crucial. He likens consulting the DAO to involving North Korea due to ongoing investigations linking the attacker to it. “If you say, ‘hey guys, should we move these funds?’ then you might as well do nothing,'” he explained.
Thus, the dilemma was framed not as decentralized versus centralized decision-making but between swift action and potential loss of funds. Indeed, attackers began laundering remaining stolen funds soon after the Security Council’s intervention.
Supporters suggest this reality underscores a different tradeoff: balancing ideals with practical risk management. Without emergency interventions like those by the Security Council, crypto thefts are typically irreversible, potentially destabilizing the ecosystem.
From this viewpoint, the Security Council acts less as a centralized authority and more as an essential safeguard for extreme scenarios.
“We’re no more or less decentralized today than we were yesterday,” Goldfeder remarked.